[Webkit-unassigned] [Bug 156625] New: Deprecate/remove support for X-Frame-Options in `<meta>`
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Apr 15 06:26:18 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=156625
Bug ID: 156625
Summary: Deprecate/remove support for X-Frame-Options in
`<meta>`
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mkwst at chromium.org
Firefox and Edge follow the RFC's suggestion (https://tools.ietf.org/html/rfc7034#section-4) to ignore the 'X-Frame-Options' header when delivered as `<meta http-equiv="...">` (and have done so from their initial implementations).
Blink has just removed this functionality (https://crbug.com/603002). The risks were outlined in https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/R1gkjKZI0J8, and seem minimal (~150 domains use the feature, period).
Perhaps WebKit could consider removing support as well?
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160415/292c4283/attachment-0001.html>
More information about the webkit-unassigned
mailing list